Blockchain One Pager

Explore

zkSync & zkSync 2.0

Zero-knowledge rollups

Zero-knowledge gives mathematical proofs to statements and conditions without revealing any of the information required to do so. 【short definition】

zkSync is a scaling and privacy engine for Ethereum. Its current functionality scope includes low gas transfers of ETH and ERC20 tokens in the Ethereum network, atomic swaps & limit orders as well as native L2 NFT support.

ZK Rollups中状态更改的验证是通过计算零知识证明来完成的：如果任何状态更改无效，则无法生成证明，反过来，这意味着实体验证不能包括无效的状态更改。这就是我们称它们为排序器（sequencers）而不是验证者（validators）的原因：它们不验证交易，以太坊智能合约依靠纯数学来验证。我们不需要信任他们或监控他们的欺诈行为，因为他们不能进行任何欺诈。

zkSync is built on ZK Rollup architecture. ZK Rollup is an L2 scaling solution in which all funds are held by a smart contract on the mainchain, while computation and storage are performed off-chain. For every Rollup block, a state transition zero-knowledge proof (SNARK) is generated and verified by the mainchain contract. This SNARK includes the proof of the validity of every single transaction in the Rollup block. Additionally, the public data update for every block is published over the mainchain network in the cheap calldata.

ZK rollups use validity proofs; every batch or roll-up includes a cryptographic proof called a ZK-(SNARK / STARK) that is proved by a protocol like PLONK. After proving the post-state root is correct, the rollup publishes the proof to Ethereum mainnet.

One of the currently most sought-after goals in the ZK space is to create a zk-layer 2 solution that is fully EVM-compatible/equivalent. (This is a very hard problem that has been one of the biggest hurdles that many teams are working hard to overcome. )

Most currently available solutions in production only act as payment layer with limited functionality (Polygon Hermez, Aztec, ...) or have added functionality with their custom execution engine (VM) that's non-EVM compatible (StarkEx + Cairo, Loopring, zkSync 1.x + Zinc, etc).

There are two types of operations in zkSync:

Priority operations

Transactions

⁠

The currently available iteration of zkSync is not EVM-compatible and supports payment functionality, limited smart contracts in a low-level language called Zinc, NFT minting, and a few other functions. However, there is already a fully EVM-compatible version of zkSync live on the Rinkeby testnet and is expected to launch on mainnet in the coming months.

Anyone can bridge funds to the rollup via the native bridge and use the network for payments using zkWallet. The wallet also allows users to mint and receive NFTs on the network as well as send and receive payments.

zkEVM

zkEVM is a virtual machine that executes smart contracts in a way that is compatible with zero-knowledge-proof computation. It is the key to building an EVM-compatible ZK Rollup while preserving the battle-tested code and knowledge gained after years of working with Solidity. Our zk-EVM keeps EVM semantics, but is also ZK-friendly and takes on traditional CPU architectures.

zkSync 2.0

zkSync 2.0 is the name of the network upgrade that brings zkEVM functionality and opens up the space network to Turing complete operations.

It will fully support all the tooling that is used for writing smart contracts on Ethereum, whether it's core tooling like HardHat, ethers.js, Dapptools, OpenZeppelin, Solidity, Vyper, and others. Also, core infrastructure like TheGraph will be able to index data on-chain in order to create better blockchain data fetching infrastructure for building scalable decentralized applications.

A myriad of projects is already planning to deploy their newest versions of their protocols on zkSync 2.0. This includes protocols like Aave, Curve, Balancer, 1inch, Argent wallet, and various others. It will also be supported by bridges like Connext and Hop in order to have cross-L2 liquidity without having to bridge to Ethereum.

⁠

基于 EVM 的编程模式和可组合性

从用户视角和开发者视角来看，zkSync 2.0 的设计与 EVM 并没有什么不同：

用户可以沿用自己已有的以太坊地址；

每个账户都有自己的状态；

合约可以相互调用且事务具有原子性；

可移植现有的 Solidity 源代码

我们在新的图灵完备型 ZincVM 的实现上取得了巨大的进步。除了已有的 Zinc 编程语言外，现在的 ZincVM 已经可以兼容任何能够用 Yul 语言生成中间表示（intermediate representation）的语言了（欢迎你 Solidity！）。

提醒一句，ZincVM 基于

LLVM⁠

，所以我们可以利用 LLVM 已有的优化和工具。也正因此，未来我们可以更容易地支持其它编程语言，比如原生支持 Rust 语言。

我们预计大部分 Solidity 语言编写的合约都可以兼容，即使需要修改，也是最小化的。

原生支持所有的以太坊钱包

zkSync 2.0 将原生支持以太坊的 ECDSA 签名方案（仰赖基于 PLONK 的查找表的高效电路实现）。也即是说所有的以太坊地址都可以直接在 zkSync2.0 上使用，不需要在浏览器中存储签名密钥，也不需要特殊的集成操作。

20000+ TPS —— 超越 zkRollup

这是我们尤为期待的属性！NFT 的繁荣意味着大规模的普及就在眼前。但是，你要引导几百万这些新进圈的主流用户正确的用法，就不是件容易的事，光靠 rollup 方案（不论是 ZK 还是 Optimistic）是不幸的，因为链上的数据空间也是有内在局限性的。

有鉴于此，zkSync2.0 将引入一个全新的整体架构，可以提供 zkRollup 和zkPorter账户的混合体验（用户可以自由选择，而且是完全可互操作的）：

zkRollup：以主网交易的 1/100 的代价，获得主网的极致安全性；

zkPorter：固定的交易开销（约为 0.01 美元），但只能得到密码学和密码经济学的保护 —— 也要好于 optimistic rollup。

⁠

What is zkPorter?

zkPorter (opens new window) puts data availability — essential transaction data needed to reconstruct state — offchain rather than on Ethereum. Instead, data availability is secured using proof of stake (PoS) by zkSync token stakers. This enables much higher scalability (tens of thousands TPS), and as a result, ultra-low transaction fees comparable with sidechains (in the range of a few cents).

The security of zkPorter is still better than any other L1 or sidechain. In the worst case, where a malicious actor controls both the sequencer and over ⅔ of the total stake, they can sign a valid state transition but withhold the data. In this case, the state is “frozen” and users will not be able to withdraw, but the attacker’s stake is frozen as well. Thus, there is no direct way for an attacker with a large stake to financially benefit from an exploit.

Matter Labs 宣布推出新型以太坊 Layer2 扩容方案 zkPorter 。zkPorter 是一种基于 zkSNARK 的新型扩容技术，灵活的数据可用性是 zkPorter 的核心设计目标，与 Validium 不同的是，zkPorter 通过结合 zkRollup 和分片技术来处理数据可用性，它能支持任意多个分片，每个分片都有自己的数据可用性策略，由分片内的智能合约定义，各分片的选择在个人帐户级别进行控制。zkPorter 将状态有效性（State validity）和数据可用性（Data availability）分离开：状态有效性由零知识证明统一实施，在继承 Layer1 安全性的同时提供了指数级的可扩展性；而数据可用性被委托给每个分片，它们可以自由试验不同的解决方案。Matter Labs 表示，目前 zkRollup 能在 ETH1.0 上达到 3000 TPS 的性能，且保守估计（取决于 ETH2.0 实施细节）在分片的 ETH2.0 上至少可以处理 20000TPS，但 zkPorter 的目标是支持数十亿用户的需求，需要进一步降低成本，提升性能。

What is the transaction finality in zkSync?

Optimistic Ethereum block production is primarily managed by a single party, called the "sequencer," which helps the network by providing the following services: Providing instant transaction confirmations and state updates. Constructing and executing L2 blocks. Submitting user transactions to L1.

The sequencer will provide a fast, offchain confirmation of your transaction. This confirmation is semi-trusted: a sequencer cannot trigger an invalid state update (e.g. steal funds) but can still fail to include a transaction after it was confirmed, or reorder transactions over a short window of time. 【Even you passed zk offchain, not until it is sync with the mainnet】

A transaction is considered final when a zero knowledge proof has been generated and posted to Ethereum. Depending on activity, this can take from 15 minutes to 3 hours.

Let’s Compare zkSync & Abitrum, Optimism(OR)

1) Significantly higher security

ZK Rollup eliminates reliance on watchers, replacing the game-theoretic economic security with cryptographic security — you trust pure math rather than incentivized actors.

2) Higher capital efficiency

In ORs, native withdrawals of any asset takes a long time (the best case: 1 week). This is a security parameter and cannot be reduced without an exponential decrease in security.

For fungible tokens, this problem can be mitigated by liquidity providers that have significant idle liquidity on the other side of the bridge. To compensate for the capital opportunity costs, the users are charged a fee to bypass the waiting period.

For smaller amounts this might be acceptable, but for professional traders this will already constitute a significant cost and will reflect on their margins. For institutions that need to periodically move huge volumes of liquidity (say, billions of dollars) between L1 and L2, this solution will not be efficient since it’s very unlikely that liquidity providers will keep that much money idle.

3) UX for NFTs

Native withdrawals of NFTs cannot be accelerated — the liquidity provider solution does not apply because NFTs are unique. Thus, to withdraw an NFT, users must wait 1 week or potentially more.

In zkSync, any withdrawal is finalized between 15 minutes and 3 hours, with faster times when there is higher activity.

4) Transaction costs

ZK Rollups are cheaper for most popular crypto use cases because it requires the least amount of data to be posted on-chain (no signatures and no transaction parameters).

However, for some common use cases, the cost savings are an order of magnitude more significant! Specifically, ZK Rollups only need to post the final changes to state, and since many transactions touch the same storage slots, this cost is amortized. For example, all trading and oracle update transactions in the same block come with zero data availability costs.

Finally, zkSync 2.0 will have an extension called zkPorter that offers constant 1-3 cent transaction fees by putting data offchain. Optimistic rollups fundamentally cannot have such an extension with off-chain data availability because there is no way for the watchers to verify the validity of every single transaction without public data for it. So, it’s not possible for them to offer such a hybrid system to users who prefer ultra-low fees over security.

Let’s have a Comparasion

The bridge validators are identical with the sidechain validators and use the same staking mechanism (e.g. in case of Polygon/Matic PoS).

The most important thing to understand about this topic is that no matter how the sidechain itself is secured, when it’s used as a scaling solution, security of the assets always depends on the goodwill of the majority of the bridge validators. (If the majority is compromised, they can irreversibly steal all of the assets.)

And since most bridges operate in a delegated PoS model under a low latency consensus requirement, the majority of the stake is usually controlled by only a handful of validator servers physically located in the same data center. The risk of all of these servers being compromised is nontrivial and a lot more than a theoretical threat!

zkRollup(On-chain) vs Sidechains

Lower Cost

Cost of zkRollups is 1/50 L1

zkPorter(Off-chain) vs Sidechains

Lower Cost & More Security

zkPorter relies on Ethereum for transaction validity and on zkSync token stakers for data availability. Malicious actor controls both the sequencer and over ⅔ of the total stake, they can sign a valid state transition but withhold the data. This would freeze the state and users would not be able to withdraw, but the attacker’s stake is frozen as well.

Comments from Enzo

One of the biggest disadvantage of zk is the computing power and time(around 40s) required to create a shielded transaction. It is unsustainable in long term, especially if you compare it to the concept of creating private channels for transactions between specific parties.

zk-Rollup is hard to build DApps, first of all you need to write the smart contract in a different language & know well in zk proof. Different zk-Rollup applications can’t interact with each other within Layer 2.

Bibliography:

⁠

https://zksync.io⁠

⁠

https://ethfans.org/posts/zksync-2-0-roadmap-update-zkevm-testnet-in-may-mainnet-in-august⁠

⁠

https://www.wikibit.us/202110154704233583.html⁠

⁠

http://www.lianyingcj.com/p/26205.html⁠

⁠

Want to print your doc?
This is not the way.

Try clicking the ⋯ next to your doc name or using a keyboard shortcut (

CtrlP

) instead.